CSF firewall can block all traffic from a country or list of counrty using GeoIP database. To block a country, edit file
|
1 |
/etc/csf/csf.conf |
Find
|
1 |
CC_DENY="" |
Replace with
|
1 |
CC_DENY="2_LETTER_COUNTRY_CODE" |
Here is an example to block all traffic from China
|
1 |
CC_DENY="CN" |
If you want to block another counrt, you can add it like
|
1 |
CC_DENY="CN,RU" |
Now restart csf […]
To disable IP block alert in CSF firewall, run
|
1 |
sed -i "s/LF_PERMBLOCK_ALERT\s*=.*$/LF_PERMBLOCK_ALERT = \"0\"/g" /etc/csf/csf.conf |
Restart lfd and csf
|
1 2 |
systemctl restart lfd csf -r |
See csf firewall […]
To block all traffic from a country in CSF Firewall edit file /etc/csf/csf.conf
|
1 |
vi /etc/csf/csf.conf |
Find the line
|
1 |
CC_DENY = "" |
In this line, you can add 2 Letter country code. For example to block China and Russia, add
|
1 |
CC_DENY = "CN,RU" |
Now you need to restart firewall with command
|
1 2 |
systemctl restart lfd csf -r |
[…]
firewall-cmd iptables Install bitninja firewall https://opnsense.org […]
To unban an IP from CSF firewall, run
|
1 |
csf -dr IP_ADDR |
Here i have an IP blocked in firewall.
|
1 2 3 4 |
[root@server22 ~]# iptables -L -n | grep 13.224.29.193 DROP all -- 13.224.29.193 0.0.0.0/0 LOGDROPOUT all -- 0.0.0.0/0 13.224.29.193 [root@server22 ~]# |
To see if CSF is blocking the IP, run
|
1 |
csf -g IP_ADDR |
Example This command also give reason for why the IP is blocked. Lets unban the IP address with command
|
1 |
csf -dr IP_ADDR |
Now IP should not be listed in […]